package com.xydtech.framework.jwt.filter;

import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/*
 * Response filter that adds HTTP response headers to guard against XSS attacks.
 * @author lin
 * @version 1.0
 * @create 2023/12/19 15:40
 */
public class ResponseFilter extends OncePerRequestFilter {

    /** Name of the only response header this filter currently sets. */
    private static final String XSS_PROTECTION_HEADER = "X-XSS-Protection";

    /** Value sent for {@link #XSS_PROTECTION_HEADER}. */
    private static final String XSS_PROTECTION_VALUE = "1;mode=block";

    /**
     * Writes the security response headers and then passes the request down the chain.
     *
     * <p>The headers are set before {@code filterChain.doFilter} is called, so they are on the
     * response before any downstream component can commit it. A later filter or handler can
     * still overwrite them.
     *
     * @param request     the current HTTP request, passed through untouched
     * @param response    the response that receives the headers
     * @param filterChain the remaining filters and the target resource
     * @throws ServletException propagated from the rest of the chain
     * @throws IOException      propagated from the rest of the chain
     */
    @Override
    protected void doFilterInternal(
            HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        applySecurityHeaders(response);

        // Let the request continue.
        filterChain.doFilter(request, response);
    }

    /**
     * Sets the response headers intended to close "missing HTTP security header" findings.
     *
     * <p>NOTE(review): {@code X-XSS-Protection} only steers the legacy in-browser XSS filter,
     * which current major browsers no longer implement. On its own it should not be counted as
     * an XSS control; output encoding and a Content-Security-Policy are what carry weight.
     *
     * @param response the response to decorate
     */
    private static void applySecurityHeaders(HttpServletResponse response) {
        response.setHeader(XSS_PROTECTION_HEADER, XSS_PROTECTION_VALUE);

        // The headers below are disabled in this filter; the reason is not recorded here.
        // Confirm whether they are emitted elsewhere (reverse proxy, security framework config)
        // before treating this filter as the application's header hardening.
        // A CSP of default-src 'self' blocks inline scripts and styles, so test the UI against
        // it (for example in report-only mode) before enabling it.
        // response.setHeader("X-Permitted-Cross-Domain-Policies", "master-only");
        // response.setHeader("X-Download-Options", "noopen");
        // response.setHeader("X-Content-Type-Options", "nosniff");
        // response.setHeader("Content-Security-Policy", "default-src 'self'");
        // response.setHeader("X-Frame-Options", "SAMEORIGIN");
    }
}
